Technology Law Sourcehttps://www.technologylawsource.com
Mapping the evolving legal landscapeThu, 12 Sep 2019 14:10:38 +0000en-UShourly1https://wordpress.org/?v=4.9.11Status of CBD products under Ohio law: Updatehttps://www.technologylawsource.com/2019/08/articles/intellectual-property-1/status-of-cbd-products-under-ohio-law-update/
Thu, 01 Aug 2019 18:18:57 +0000https://www.technologylawsource.com/?p=5810In our recent post, Status of CBD products under Ohio law: Part one, we discussed the perplexing regulations in Ohio that made it effectively illegal to sell hemp and Cannabidiol (CBD) despite passage of the Agriculture Improvement Act of 2018, otherwise known as the 2018 Farm Bill. That landscape has now changed in Ohio with the passage of Senate Bill 57, signed into law by Governor DeWine on July 30, 2019.

The version of Senate Bill 57 that Governor DeWine signed into law has special emergency provisions making the legislation effective immediately upon signing the bill. This post will examine what Senate Bill 57 does to change Ohio’s legal landscape for hemp and CBD and provides an overview of what Ohioans can expect as the hemp program takes shape in Ohio.

What Senate Bill 57 Does

Senate Bill 57 (Hemp Bill), follows the Farm Bill’s lead by removing hemp from the definition of “marihuana” in Ohio’s criminal statutes. By doing so, hemp and hemp-derived CBD are no longer illegal under Ohio state criminal law so long as the hemp derived products contain no more than 0.3 percent THC.

Further, the Hemp Bill tasks the Ohio Department of Agriculture (ODA) with developing a cultivation and processing licensing program to regulate hemp in Ohio. This plan must comply with the minimum standards set forth in the Farm Bill and will ultimately require federal approval from the United States Department of Agriculture (USDA).

In our recent post, Status of CBD products under Ohio law: Part one, we discussed the perplexing regulations in Ohio that made it effectively illegal to sell hemp and Cannabidiol (CBD) despite passage of the Agriculture Improvement Act of 2018, otherwise known as the 2018 Farm Bill. That landscape has now changed in Ohio with the passage of Senate Bill 57, signed into law by Governor DeWine on July 30, 2019.

The version of Senate Bill 57 that Governor DeWine signed into law has special emergency provisions making the legislation effective immediately upon signing the bill. This post will examine what Senate Bill 57 does to change Ohio’s legal landscape for hemp and CBD and provides an overview of what Ohioans can expect as the hemp program takes shape in Ohio.

What Senate Bill 57 Does

Senate Bill 57 (Hemp Bill), follows the Farm Bill’s lead by removing hemp from the definition of “marihuana” in Ohio’s criminal statutes. By doing so, hemp and hemp-derived CBD are no longer illegal under Ohio state criminal law so long as the hemp derived products contain no more than 0.3 percent THC.

Further, the Hemp Bill tasks the Ohio Department of Agriculture (ODA) with developing a cultivation and processing licensing program to regulate hemp in Ohio. This plan must comply with the minimum standards set forth in the Farm Bill and will ultimately require federal approval from the United States Department of Agriculture (USDA).

Rather than giving the ODA unfettered authority to create a brand new regulatory regime for hemp. the Hemp Bill requires that any licenses granted under the forthcoming ODA program must last for three years. Operators will be required to pay an application fee, an annual licensing fee, and any lab testing fees associated with annual inspections. Operators will also be required to maintain records related to the cultivation or processing of hemp and report that information to ODA or the USDA. The ODA may authorize certain operators, such as universities, to cultivate and process hemp without a license provided such activities are for research purposes only. ODA has six months to draft Ohio’s hemp regulatory rules and faces a steep timeline for getting the program up and running.

While no licenses are currently available to facilitate lawful hemp cultivation and processing in Ohio, selling hemp is now lawful under certain circumstances. Section 928.02(C) of the Hemp Bill allows any person to “possess, buy, or sell hemp or a hemp product” regardless of whether such individuals have a license. The Farm Bill authorized interstate transportation for lawfully cultivated hemp. Accordingly, if hemp is lawfully cultivated in another jurisdiction, it can be sold in Ohio now provided it is “properly inspected.” This latter caveat can be satisfied by contacting the ODA to have your hemp or CBD inspected prior to selling in Ohio.

The Hemp Bill also provides for a Hemp Marketing Program to facilitate hemp marketing similar to other commodity marketing programs authorized under state law; a Hemp Program Fund designed to fund administration and enforcement of Ohio’s hemp program; and specifically authorizes hemp farming to be valued according to its current agricultural use value (CAUV).

What Senate Bill 57 Does Not Do

Notably, while selling hemp and CBD are legal under the parameters discussed above, individuals skirting these carefully defined restrictions can still end up in hot water. Ohio’s Hemp Bill provides for criminal penalties that may be used to enforce the goals of Ohio’s hemp program. Operators that unintentionally violate the licensing requirements will be required to implement a corrective action plan and may have their license revoked. The ODA is required to report more culpable violations to the Ohio Attorney General’s Office, the United States Attorney General’s Office, and the local county prosecutor’s office. And, remember, if the hemp or CBD product has more than 0.3 percent THC, then it remains “marihuana” under state and federal law—a controlled substance for which there are severe criminal penalties in place.

Also, those operating with cultivation and/or processing licenses in Ohio’s medical marijuana control program are expressly precluded from participating in hemp cultivation and processing. Licensed dispensaries may, however, sell hemp and CBD products, though they are no longer the only way to get CBD legally in Ohio.

What’s Next for Ohio’s Hemp and CBD Market?

The ODA quickly posted on its website that “Hemp is Now Legal”. Over the next six months, the ODA will work to promulgate regulations governing Ohio’s hemp licensing program. The ODA’s goal is to have the hemp program up and running for cultivators and processors in Ohio by spring of 2020. However, Ohio must first get approval from the USDA which has yet to promulgate federal regulations outlining the state hemp plan submission process. The USDA has stated that such rules should be available late this year and will be prepared in time for the 2020 growing season.

In the meantime, Columbus, Ohio headquartered Green Growth Brands announced the same day the Hemp Bill was signed that it would begin selling CBD products in mall kiosks. And, as tension over trade policies continues to rise with countries that have historically been major consumers of American agriculture, Ohio farmers may begin looking to hemp as a more stable investment. The bottom line, expect to see CBD products for sale at store near you!

In its Answer, Nike asks for a declaration that Nike is the sole owner of copyrights in the modified “KL2” logo, a finding that Kawhi’s use of the modified “KL2” logo infringes the copyrights owned by Nike, cancellation of Kawhi’s copyright registration to the modified “KL2” logo due to fraud in his copyright application, and a finding that Kawhi breached the “Men’s Pro Basketball Contract” he entered into with Nike on October 26, 2011.

Background

According to Nike’s Answer, Nike and Kawhi entered into an endorsement contract effective Oct. 1, 2011. The endorsement contract included standard terms and conditions including that:

“NIKE shall exclusively own all rights, title and interest in and to any logos, trademarks, service marks, characters, personas, copyrights, shoe or other product designs, patents, trade secrets or other forms of intellectual property created by NIKE (and/or its agents), CONSULTANT or ATHLETE in connection with this Contract”.

On or about April 14, 2014, Kawhi sent a sketch of his original “KL2” logo to Nike. Nike’s designers then created several proposed logos based on Kawhi’s sketch, including the modified “KL2” logo. Nike began selling merchandise branded with the modified “KL2” logo as early as spring of 2016. They then filed a copyright …

In its Answer, Nike asks for a declaration that Nike is the sole owner of copyrights in the modified “KL2” logo, a finding that Kawhi’s use of the modified “KL2” logo infringes the copyrights owned by Nike, cancellation of Kawhi’s copyright registration to the modified “KL2” logo due to fraud in his copyright application, and a finding that Kawhi breached the “Men’s Pro Basketball Contract” he entered into with Nike on October 26, 2011.

Background

According to Nike’s Answer, Nike and Kawhi entered into an endorsement contract effective Oct. 1, 2011. The endorsement contract included standard terms and conditions including that:

“NIKE shall exclusively own all rights, title and interest in and to any logos, trademarks, service marks, characters, personas, copyrights, shoe or other product designs, patents, trade secrets or other forms of intellectual property created by NIKE (and/or its agents), CONSULTANT or ATHLETE in connection with this Contract”.

On or about April 14, 2014, Kawhi sent a sketch of his original “KL2” logo to Nike. Nike’s designers then created several proposed logos based on Kawhi’s sketch, including the modified “KL2” logo. Nike began selling merchandise branded with the modified “KL2” logo as early as spring of 2016. They then filed a copyright application for the modified “KL2” logo which issued as US copyright registration number VA0002097900 effective May 11, 2017.

The endorsement contract between Kawhi and Nike expired on Sept. 30, 2018. In November of 2018, Kawhi signed a new endorsement contract with New Balance, Inc. Not surprisingly, the “KL2” logo became an item of contention rather quickly. In December of 2018, Nike wrote to Kawhi that Nike owned the modified “KL2” logo pursuant to its US copyright registration and demanded that Kawhi cease use of the modified “KL2” logo on non-Nike merchandise. Kawhi responded in January of 2019 that he intended to continue using the modified “KL2” logo on non-Nike merchandise. In March of 2019, Nike responded that it owned all intellectual property in the modified “KL2” logo and demanded that Kawhi cease all unauthorized use.

On May 3, 2019, in the midst of the NBA finals, Kawhi Leonard filed his lawsuit against Nike. Kawhi’s lawsuit asked for a declaration that Kawhi is the sole author of the modified “KL2” logo, that his use of the modified “KW2” logo does not infringe the rights of Nike, and that Nike committed fraud in its copyright application for the modified “KL2” logo. Kawhi appears to have filed his own copyright application on June 3, 2019 which resulted in US copy Right Registration number VA0002153704.

Copyrights

Without the benefit of viewing the original “KL2” logo”, I previously indicated that there were three possible scenarios with regard to copyrights in the modified “KL2” logo. These were that modifications to the original “KL2” logo are:

So minor that the modified “Kl2” logo, as a whole, is a copy or variation of the original “KL2” logo

Significant enough that the modified “KL2” logo, as a whole, represents an original derivative work

So transformative that the modified “KL2” logo, as a whole, represents an entirely new original work that is distinct from the original “KL2” logo

Original “KL2” logo Modified “KL2” logo

In comparing the original “KL2” logo” and the modified “KL2” logo (which are shown above), it is clear that the modifications to the original “KL2” logo are not minor and the modified “KL2” logo is not a copy or variation of the original “KL2” logo. For example, the wording “KL2” overlays an outline of a hand in the original “KL2” logo while the wording “KL2” forms a hand in the modified logo. It is important to note that pen names, pseudonyms, phrases, mottos, slogans, catchwords, advertising expressions and the like are not protectable by copyrights. If they are part of an original design or logo, however, the design or logo can be protectable by copyrights, but the copyrights cannot stop someone else from using the basic “words” in another way.

More broadly stated, copyrights do not protect facts or ideas; although they can protect the way those facts or ideas are expressed. The KL2 wording is expressed in a significantly different way between the two logos. Thus, we only need to review scenarios two (derivative work) and three (transformational) work in more detail.

Derivative Works

A derivative work is a new work that is based upon or derived from one or more pre-existing works. Common examples of derivative works are a translation of a book to a different language, a motion picture version of prior book or play, and a sequel movie that takes characters from a prior movie and tells what happened to those characters after the events in the prior movie. A derivative work must display some originality of its own separate from the pre-existing work. The derivative work cannot be an uncreative variation on the pre-existing work or it would simply be a copy of the pre-existing work.

As a result, a derivative work obtains copyrights separate from the copyrights of the pre-existing work. The copyrights in the derivative work protect only the new original elements in the derivative work that are created by the author of the derivative work. The copyrights in all the elements taken from the pre-existing work remain with the author of the pre-existing work.

The owner of the copyrights in the pre-existing work has the exclusive right to prepare and authorize others to prepare derivative works based on the pre-existing work. In the absence of contractual restrictions, a derivative work prepared under a grant to prepare a derivative work before termination of the grant is owned by the author of the derivative work, and the derivative work may continue to be utilized by the author of the derivative work under the terms of the grant after termination of the grant.

Without authorization from the owner of the copyrights in the pre-existing work, the creation of a derivative work is copyright infringement. However, the fair use doctrine protects transformational uses of pre-existing works without authorization from the owner of the copyrights in the pre-existing work.

Transformational Works

The fair use doctrine is a defense to copyright infringement that allows an otherwise “infringer” to make limited use of a pre-existing work without receiving authorization from the owner of the copyrights in the pre-existing work. In determining whether a particular use qualifies as fair use, four primary factors must be considered:

Purpose and character of the use

Nature of the original work

Amount and substantiality of the portion used

Effect of the use on the potential market for or value of the source work. However, courts also consider the concept of “transformation” which is sometimes referred to as the “fifth factor”

Transformative use is relatively new, being first used by the U.S. Supreme Court in 1994, in Campbell v. Acuff-Rose Music, 510 U.S. 569 (1994). A transformational work is like a derivative work in that it is based upon or derived from one or more pre-existing works. However, a transformational work uses the pre-existing work in such a completely new way or for such a completely new purpose that it is an original work separate and distinct from the pre-existing work. A transformational work is non-infringing of the pre-existing work even without authorization of the owner of the pre-existing work. Importantly, a work may be a transformational work even when all of the four statutory factors weigh against fair use. It is noted that the determination of whether a work is a transformational work is very fact intensive and very unpredictable.

Possible Outcomes

The parties appear to agree that Nike was authorized to modify the original “KL2” logo. Therefore, if it is determined that the modified “KL2” logo is a derivative work (the second scenario discussed above), Nike will own the copyrights to the modified “KL2” logo and can continue to use the modified “KL2” logo in the absence of any contractual restrictions stating otherwise. The endorsement contract does not appear to contain any such restrictions. This second scenario is not consistent with Nike’s copyright application because Nike did not indicate in its copyright application that the modified “KL2” logo was a derivative work. As a result, in this second scenario, Nike’s copyright registration is at risk of cancellation

If it is determined that the modified “KL2” logo is so transformative that the modified “KL2” logo, as a whole, represents an entirely new and distinct work of authorship (the third scenario discussed above), Nike will own the copyrights to the modified “KL2” logo and can continue to use the modified “KL2” logo in the absence of any contractual restrictions stating otherwise. The endorsement contract does not appear to contain any such restrictions. This third scenario is consistent with Nike’s copyright application because Nike did not indicate in its copyright application that the modified “KL2” logo was a derivative work.

Thus, Nike will prevail in each of these scenarios unless Kawhi can successfully establish that there was an express contractual provision in writing that overrides the above discussed copyright law and the endorsement agreement. Not surprisingly, Kawhi asserted in his complaint that he and Nike agreed that Nike could use the logo (although it is not clear which logo) “for the specific purpose of effectuating the Nike Agreement for the term of the contract”. If Kawhi can prove that there was such an agreement in writing with regard to the modified “KL2” logo, than Nike would no longer be able to use the modified “KL2” logo because the endorsement agreement has expired.

Even if proved, Kawhi still could not use the modified “KL2” logo because Nike would still own the copyrights in the modified “KL2” logo, unless Kawhi could prove that ownership of the copyrights in the modified “KL2” logo was transferred from Nike to him. A transfer of copyright ownership, other than by operation of law, is not valid unless the transfer of specifically identified rights is in writing and signed by the owner of the copyrights being transferred. It looks very unlikely that Kawhi will be able to use the modified “KL2” logo.

An alternative for Kawhi is to use the original “KW2” logo which he created prior to the endorsement agreement and independently of the endorsement agreement. Kawhi still owns copyrights in the original “KW2” logo. However, this use could result into a trademark controversy if Nike continues to use the modified “KL2” logo as a trademark, with the question being: Is Kawhi’s trademark use of the original “KL2” logo confusingly similar to Nike’s trademark use of the modified “KL2 logo?

]]>The GDPR: A year in reviewhttps://www.technologylawsource.com/2019/07/articles/privacy-1/the-gdpr-a-year-in-review/
Tue, 23 Jul 2019 11:18:19 +0000https://www.technologylawsource.com/?p=5791On May 25, 2018, the General Data Protection Regulation (GDPR) became effective across the European Union. The GDPR is a regulation designed to give EU residents control over their personal data and simplify the regulatory framework for international organizations doing business in the EU. In its infancy, it was not entirely clear how the GDPR would be enforced. Now, one year later, the regulation is beginning to show some teeth.

For individual consumers, the GDPR likely calls to mind last year’s flurry of privacy policy email updates from companies scrambling to comply, or perhaps the constant stream of consent pop-ups and cookie banners Europeans navigate on a daily basis when browsing the web. For U.S. companies that do business abroad, however, the GDPR represents a constant struggle to refine their data protection policies, as strict compliance remains an elusive target.

Although many data privacy lawyers disagree on whether strict compliance with the GDPR is even possible, recent enforcement measures have shed some light on how the regulation may be enforced in the future. A review of last year’s enforcement actions should help companies avoid unnecessary penalties and inform them what to expect going forward.

History and Scope

In contrast to the United States’ sectoral approach to data privacy, the GDPR is an omnibus law that regulates data privacy for all EU corporate sectors. The regulation binds EU member states and businesses, as well as non-EU businesses that process the personal data of EU citizens.

On May 25, 2018, the General Data Protection Regulation (GDPR) became effective across the European Union. The GDPR is a regulation designed to give EU residents control over their personal data and simplify the regulatory framework for international organizations doing business in the EU. In its infancy, it was not entirely clear how the GDPR would be enforced. Now, one year later, the regulation is beginning to show some teeth.

For individual consumers, the GDPR likely calls to mind last year’s flurry of privacy policy email updates from companies scrambling to comply, or perhaps the constant stream of consent pop-ups and cookie banners Europeans navigate on a daily basis when browsing the web. For U.S. companies that do business abroad, however, the GDPR represents a constant struggle to refine their data protection policies, as strict compliance remains an elusive target.

Although many data privacy lawyers disagree on whether strict compliance with the GDPR is even possible, recent enforcement measures have shed some light on how the regulation may be enforced in the future. A review of last year’s enforcement actions should help companies avoid unnecessary penalties and inform them what to expect going forward.

History and Scope

In contrast to the United States’ sectoral approach to data privacy, the GDPR is an omnibus law that regulates data privacy for all EU corporate sectors. The regulation binds EU member states and businesses, as well as non-EU businesses that process the personal data of EU citizens.

The GDPR grants significant rights for individuals that are subject to data collection. An EU citizen can request that a company delete her personal data or explain how her personal data is used and processed. The regulation also imposes significant requirements on companies that process the personal data of EU citizens. For example, companies must implement data protection measures to guard consumer data, including informing data subjects about the extent of data collected, retained, and transferred.

Noncompliance with the GDPR subjects a company to significant penalties, as each offense is punishable by a fine of up to roughly $20 million, or 4% of the noncomplying company’s annual global revenue, whichever is greater.

Enforcement Action Takeaways

At its inception, it was unclear how the European regulatory authorities would enforce the GDPR. Over the past year, however, there have been several GDPR enforcement actions that illustrate important takeaways for companies that process EU citizens’ data.

Good faith compliance is the best policy

Companies need to be able show that they attempted good faith compliance with the GDPR. Where companies blatantly disregard GDPR requirements, they expose themselves to substantial fines and penalties. In March 2019, the Polish supervisory authority penalized a data controller who was unlawfully scraping public information from the web for an amount equal to about $250,000.

In that case, it was noted that the company knowingly violated the GDPR by failing to inform EU citizens how their data was being used and processed. The supervisory authority found that the company intentionally ignored GDPR requirements because it wanted to avoid additional expenses associated with data transparency.

Large fines may be imposed but regulators are hesitant to issue maximum fines

In January 2019, the French supervisory authority fined Google 50 million euros (roughly $57 million) for failing to provide a legal basis for targeted advertisements and not being transparent regarding its use of consumer information. As one of the largest enforcement action to date, it takes direct aim at Google’s business model of selling consumer data to third party advertisers.

But the sheer size of this fine should not scare businesses away from the EU. Although significant, the $50 million fine amounted to a mere slap on the wrist for Google, as its parent company, Alphabet, Inc., reported revenue of almost $110 billion in 2018. Based on the GDPR, Google could have been fined more than $4 billion.

To this point, data protection authorities have yet to levy maximum fines for noncompliance with the GDPR. In the coming year, it will be interesting to see whether privacy regulators stay the course or increase pressure by levying heavier fines against non-compliant organizations.

Once a violation discovered, cooperation with the supervisory authority is key

Cooperating with a country’s supervisory authority is essential for reducing exposure to large fines. In one of the first enforcement actions of 2018, a German social media network, Knuddels.de, was fined 20,000 euros ($22,750) when it discovered a data breach that exposed the usernames and passwords of over 800,000 EU subscribers.

The supervisory authority noted that the relatively small fine was due in large part to Knuddels’ high level of transparency regarding the breach, extensive cooperation, and quick installation of security upgrades. It appears supervisory authorities will consider an organization’s willingness to remedy its security shortfalls in allocating fines for noncompliance. Thus, if a company is faced with noncompliance, it should be open and cooperate with the supervisory authority in order to receive a minimal fine.

The GDPR and U.S. Law

Although companies that do not do business in the EU are not subject to GDPR requirements, that does not mean they are completely off the hook. California recently passed the California Consumer Privacy Act (CCPA) which has many of the same features of the GDPR.

Further, other states, including (but not limited to) Illinois, New York, and Washington are considering measures that are akin to the CCPA. While these prospective laws are substantially similar, subtle differences will make them difficult to navigate. Until Congress passes a comprehensive data privacy law, companies will have to manage an array of legal requirements and privacy frameworks. For many companies, attempting GDPR compliance is a solid step towards navigating the ever-changing 50-state data privacy framework.

Conclusion

Data privacy law is undergoing massive change. The law, both within the United States and abroad, is looking at companies that extract, analyze, and sell consumer data.

In light of last year’s enforcement actions, it is important that organizations continue to assess their compliance with U.S. and international data privacy laws. Instead of waiting to see how these laws are enforced, businesses should take proactive steps in securing consumer data and assessing compliance with GDPR as applicable, and the laws of the states in which they operate.

]]>Kawhi Leonard v. Nike Inc.: How copyrights can trump trademarks?https://www.technologylawsource.com/2019/06/articles/intellectual-property-1/copyright/kawhi-leonard-v-nike-inc-how-copyrights-can-trump-trademarks/
Wed, 26 Jun 2019 12:00:00 +0000https://www.technologylawsource.com/?p=5786On Monday, May 3, 2019, in the midst of the NBA finals, Kawhi Leonard of the Toronto Raptors filed a lawsuit against Nike, Inc. (Nike) in the US District Court Southern District of California. The complaint asks the Court for a declaration that Kawhi is the sole author of the “KL2” logo, that his use of that logo does not infringe the rights of Nike, and that Nike committed fraud in its copyright application. The “KL2” logo is sometimes referred to as the “Klaw” logo which is a nickname for Kawhi. Kawhi owns US trademark registration number 5608427 for the “KL2” logo for use with apparel. However, Nike owns US copyright registration number VA0002097900 for the “KL2” logo.

According to the complaint, Kawhi created the “KL2” logo in 2011 just after being drafted by the San Antonio Spurs of the NBA. He said that he “traced his notably large hand, and, inside the hand, drew stylized versions of his initials ‘KL’ and the number that he had worn for much of his career, ‘2’”. Kawhi said that the drawing “was an extension and continuation of drawings he had been creating since early in his college career.” According to Kawhi, he then continued to refine the “KL2” logo as he shared it with family and friends and sought the advice of a creative designer. In October of 2011, Kawhi signed an endorsement agreement …

On Monday, May 3, 2019, in the midst of the NBA finals, Kawhi Leonard of the Toronto Raptors filed a lawsuit against Nike, Inc. (Nike) in the US District Court Southern District of California. The complaint asks the Court for a declaration that Kawhi is the sole author of the “KL2” logo, that his use of that logo does not infringe the rights of Nike, and that Nike committed fraud in its copyright application. The “KL2” logo is sometimes referred to as the “Klaw” logo which is a nickname for Kawhi. Kawhi owns US trademark registration number 5608427 for the “KL2” logo for use with apparel. However, Nike owns US copyright registration number VA0002097900 for the “KL2” logo.

Background

According to the complaint, Kawhi created the “KL2” logo in 2011 just after being drafted by the San Antonio Spurs of the NBA. He said that he “traced his notably large hand, and, inside the hand, drew stylized versions of his initials ‘KL’ and the number that he had worn for much of his career, ‘2’”. Kawhi said that the drawing “was an extension and continuation of drawings he had been creating since early in his college career.” According to Kawhi, he then continued to refine the “KL2” logo as he shared it with family and friends and sought the advice of a creative designer. In October of 2011, Kawhi signed an endorsement agreement with Nike.

At some point thereafter, Kawhi and Nike began discussions about creating a logo to affix to Nike merchandise sold under the endorsement agreement. Kawhi proposed using his “KL2” logo. According to the complaint, after modifications by Nike and several proposals, Kawhi accepted a June 2014 proposal and granted Nike permission to affix the modified “KL2” logo, based on Kawhi’s original “KL2” logo, on “Nike merchandise during the term of the Nike Agreement”. While there was an exchange of various e-mails and communications, it does not appear that there was a formal written agreement regarding the”KL2” logo. Nike proceeded to affix the “KL2” logo to Nike merchandise including several shoes under the Jordan Brand. Kawhi also proceeded to use the “KL2” logo on non-Nike merchandise including “apparel and merchandise used for basketball camps, appearance and charity events.”

All parties seemed happy until the endorsement agreement between Kawhi and Nike finally expired on Sept. 30, 2018. In November 2018, Kawhi signed a surprise deal with New Balance, Inc. effectively becoming the new face of the New Balance basketball division. Not surprisingly, the “KL2” logo became an item of contention rather quickly. In December 2018, Nike wrote to Kawhi that Nike owned the “KL2” logo pursuant to its US copyright registration and demanded that Kawhi cease use of the “KL2” logo on non-Nike merchandise.

Kawhi, who was previously unaware of the copyright registration, responded in January 2019 that he intended to continue using the ‘KL2” logo on non-Nike merchandise and “might affix the Leonard Logo and Leonard trademarks to the shoes he would be wearing as a player for the Raptors.” In March 2019, Nike responded that it owned all intellectual property in the “KL2” logo and demanded that Kawhi cease all unauthorized use.

Trademark rights

Trademark rights are established automatically by using the trademark in commerce in connection with the sale of goods or services. Formal registration with the US Patent and Trademark Office is not required to establish trademark rights. However, formal registration of trademarks does provide certain advantages. Kawhi obtained US trademark registration number 5608427 for the “KL2” logo for use in connection with various apparel claiming a first use of at least February 2016. These trademark rights enable Kawhi to prevent others from using the “KL2” logo or similar logos in connection with the sale of goods or services that are likely to cause confusion among consumers of the relevant goods or services.

Nike has not filed for registration of the “KL2” logo as a trademark even though Nike appears to have used the “KL2” logo in connection with the sale of shoes as early as 2014. This may be a result of Nike believing that the “KL2” logo was owned by Kawhi and licensed to Nike for use on Nike-merchandise. It is also may be the result of Nike deciding not to register this trademark, but that is unlikely. Because trademark rights are established by first use, If Nike believes that it has trademark rights to the “KL2” logo, it could still decide to file its own application for trademark registration and file to cancel Kawhi’s trademark registration.

There is no indication that Kawhi or Nike has raised the issue of trademark ownership or trademark infringement with the other party. The reason is because the trademark in this dispute is a logo and logos are two-dimensional works of fine, graphic or applied art subject to copyrights. Thus, even the owner of trademark rights cannot use their trademark if another party owns copyrights in visual art elements of the trademark because use of the trademark by the trademark owner would constitute copyright infringement. In other words, the copyrights trump the trademark rights in these circumstances.

Copyrights

Copyrights are automatic in that you establish copyrights for an original work of authorship the moment you put it into a tangible form. Formal registration of copyrights with the United States Copyright Office is not required to establish copyrights. However, formal registration does provide certain advantages. Thus, Kawhi obtained copyrights to the original “KL2” logo the moment he drew it onto paper even though he has not registered those copyrights.

Employees of Nike modified the original “KL2” logo to form the modified “KL2” logo at issue. The degree of those modifications determines what if any copyrights Nike owns for the modified “KL2” logo. There are three possible scenarios:

The modifications to the original logo are so minor that the modified logo, as a whole, does not represent an original work of authorship

The modifications to the original logo are significant enough that the modified logo, as a whole, does represent an original work of authorship as a derivative work

The modifications are so transformative that the modified logo, as a whole, represents an entirely new original work of authorship.

In the first scenario, no copyrights would be established in the modified “KL2” logo so Nike would not have any copyrights to the original or modified “KL2” logo. In the second scenario, copyrights would be established in the modified “KL2” logo as a derivative work. However, the copyright owner of the pre-existing work has the exclusive right to prepare and authorize others to prepare derivative works based on the pre-existing work. See 17 U.S.C. §106(2). Where the copyright owner grants another party the right to prepare a derivative work, a new exclusive copyright in and to the derivative work comes into existence upon creation and fixation of the derivative work in tangible form. Therefore, if Kawhi granted Nike permission to create the modified “KL2” logo and the modified “KL2” logo is a derivative work, than Nike would own the copyrights to the modified “KL2” logo but not to the original “KL2” logo, unless there was an express contractual provision in writing that ownership of modified “KL2” logos would be transferred to Kawhi. In the third scenario, copyrights are established in the modified or new “KL2” logo and Nike would own the copyrights to the modified or new “KL2” logo, unless there was an express contractual provision in writing that ownership of modified or new “KL2” logos would be transferred to Kawhi.

Possible outcomes

Based on the complaint, Kawhi appears to be asserting that he owns the copyrights to both the original and modified “KL2” logos. This would be the first scenario discussed above where the modified “KL2” logo is essentially the same as the original ”KL2” logo and thus is not a derivative work or an entirely new original work of authorship. The complaint does not show the original “KL2” logo to currently allow a comparison between the original and modified “KL2” logos, but Kawhi will clearly be found to own the copyrights to both versions of the “KL2” logo if this argument is successful.

Based on Nike’s copyright registration, Nike is most likely is asserting that it owns the copyrights to the modified “KL2” logo as a new original work of authorship because Nike did not indicate in the copyright application that the work was a derivative work. This would be the third scenario discussed above where the modifications are so transformative that the modified “KL2” logo, as a whole, represents an entirely new original work of authorship. Again, the complaint does not show the original to currently allow a comparison between the original and modified “KL2” logos, but Nike will clearly be found to own the copyrights to the modified “KL2” logo if this argument is successful, unless it is also found that there was an express contractual provision in writing that ownership the modified or new “KL2” logos would be transferred to Kawhi.

Without the ability to currently compare the original and modified “KL2” logos, it seems safe to think that the modifications likely fall somewhere between the two above arguments and fit the second scenario discussed above where the modified “KL2” logo is determined to be a derivative work. The complaint seems to indicate that Nike was authorized to modify the original “KL2” logo. If so, Nike clearly owns the copyrights to the modified “KL2” logo so the only remaining question would be whether Nike can continue to use the modified “KL2” logo both under copyright and trademark law. It is important to note that a derivative work, prepared under a grant to prepare a derivative work before termination of the grant, may continue to be utilized under the terms of the grant after its termination. See 17 U.S.C. §203(b). In the absence of contract restrictions, the owner of the copyrights in the derivative work has the exclusive copyrights in the derivative work as a whole, including the right to make derivative works based on the derivative work as a whole — but not the right to create derivative works based on the original work after the original copyright owner’s termination of the right. See also 17 U.S.C. §304(c)(6)(A).

This is where the terms of the “logo agreement” and lack of a written agreement become important. Kawhi asserted that he permitted Nike to use the “KL2” logo “for the specific purpose of effectuating the Nike Agreement for the term of the contract”. Even if Kawhi can prove that there was agreement that Nike would stop using the modified “KL2” logo when the endorsement contract between Kawhi and Nike expired, Nike still owns the copyright in the modified “KL2” logo as a derivative work, unless there was an express contractual provision in writing that ownership of modified “KL2” logos would be transferred to Kawhi. However, Nike cannot use the modified “KL2” logo by contract and Kawhi cannot use the modified “KL2” logo because it would infringe Nike’s copyrights. If Kawhi cannot prove that there was an agreement in this regard, only Nike could continue to use the modified “KL2” logo. Of course, in either case Kawhi could use the original “KL2” logo or any other derivatives thereof.

Lessons learned

At this early stage and without the benefit of comparing the original and modified “KL2” logos, it appears that Kawhi will have difficulty in obtaining the results that he requested in his lawsuit. What could he have done differently? First and foremost, this dispute likely would have been avoided if a formal written contract was entered into at the time a “logo agreement” was reached about Nike using the “KL2” logo. This is always important regardless of the type of agreement. Second, Kawhi should have included clear terms in the written contract that he would be assigned ownership of any modified or new “KL2” logos authored by Nike, or at least that Nike could not use the original or any modified or new versions of the “KL2” logo authored by Nike after the endorsement contract expired. This is particularly important in instances like this where the other party may be a direct competitor in the future. Third, and maybe less obvious, the written contract should have expressly addressed all relevant intellectual property rights including both trademark rights and copyrights. This is particularly important when a trademark is a logo which includes a visual work of art.

Following is a brief analysis on how this Measure, if adopted, could affect U.S. entities doing business in China or doing business with Chinese entities.

Network Operator

If a U.S. entity is a network owner, administrator or service provider that gathers personal information during its operation in China, it is a “Network Operator” under the Measure and is required to go through a security assessment before it transfers any personal information out of China. There are no threshold requirements: whether it is an entity with $10,000 annual gross revenues or $25,000,000, whether the entity transfers personal information of 10 or 50,000 customers or employees, the entity must comply with the Measure.

While the current law only imposes security assessments on “critical information infrastructure operators,” the Measure significantly expands the regulatory scope to cover all network operators. If a U.S. entity uses the Internet to collect personal information from China, it is treated as a “Network Operator” for the purpose of the Measure. A Network Operator is prohibited from transferring personal information overseas if it is unable to pass the security assessment.

The Measure further requires a Network Operator to report annually, to report any relatively major security incident, and to retain a record of cross-border transfer of personal information …

Following is a brief analysis on how this Measure, if adopted, could affect U.S. entities doing business in China or doing business with Chinese entities.

Network Operator

If a U.S. entity is a network owner, administrator or service provider that gathers personal information during its operation in China, it is a “Network Operator” under the Measure and is required to go through a security assessment before it transfers any personal information out of China. There are no threshold requirements: whether it is an entity with $10,000 annual gross revenues or $25,000,000, whether the entity transfers personal information of 10 or 50,000 customers or employees, the entity must comply with the Measure.

While the current law only imposes security assessments on “critical information infrastructure operators,” the Measure significantly expands the regulatory scope to cover all network operators. If a U.S. entity uses the Internet to collect personal information from China, it is treated as a “Network Operator” for the purpose of the Measure. A Network Operator is prohibited from transferring personal information overseas if it is unable to pass the security assessment.

The Measure further requires a Network Operator to report annually, to report any relatively major security incident, and to retain a record of cross-border transfer of personal information for at least five years. The Measure also mandates Network Operators to include the following terms and conditions in their agreements with overseas recipients: a Network Operator shall provide certain information to the owner of the personal information; shall provide a copy of the agreement(s) to the owner upon request; and shall convey the owner’s claims to the recipient and provide compensation to the owner if remedies from the recipient are not readily available.

Recipient of the Personal Information

A U.S. entity that receives personal information from Network Operators should also familiarize itself with the Measure. Here is why:

An agreement between a Network Operator and the recipient of personal information must be submitted for review and the performance of the agreements regarding personal information is also subject to periodic review by the cyberspace administrative department.

The Measure requires the agreement between the Network Operator and the recipient to include a slew of standard contractual terms. Among various terms and conditions, individuals whose personal information would be transferred have a right to seek remedies from the Network Operator and/or the recipient if his or her rights are violated. Termination of the agreement does not affect the Network Operator or the recipient’s obligations under the Measure, unless the recipient has destroyed or de-identified the personal information. A recipient shall provide access to individuals whose information would be transferred, and to respond, correct, or delete the personal information at his or her request within a reasonable time and at reasonable costs. In the event that any change of U.S. law affects the enforceability of the agreement, the recipient must immediately inform the Network Operator, which in turn, will report to the cyberspace administrative department.

The Measure further limits the recipient’s ability to transfer the personal information to any third-party, except in very limited circumstances.

The fact that the recipient had any major security incident will be considered by the cyberspace administrative department during a security assessment. Additionally, the cyberspace administrative department has authority to stop overseas transfer of personal information if the recipient experiences any major security incident or abuses data.

While the final Measure is likely to be different from the proposed draft, this draft embodies the trend that China is tightening its grip on cybersecurity governance. Bear in mind that only weeks prior to releasing this draft, on May 28, 2019, CMA released the draft Measures for Data Security Management (数据安全管理办法) for public comment. As China ramps up its speed in implementing its law on cybersecurity, we encourage all U.S. entities that do business in China or do business with Chinese entities to consult with those knowledgeable about the Measure to strategize and to prepare for future compliance.

]]>Status of CBD products under Ohio law; Emerging issues in intellectual property related to cannabis business: Part 2https://www.technologylawsource.com/2019/06/articles/intellectual-property-1/status-of-cbd-products-under-ohio-law-emerging-issues-in-intellectual-property-related-to-cannabis-business-part-2/
Thu, 13 Jun 2019 18:48:08 +0000https://www.technologylawsource.com/?p=5777In Part 2, we cover the key Intellectual Property issues that are emerging in this arena. Read part 1 here.
United States Patent and Trademark Office update

Following the enactment of the Farm Bill, the United States Patent and Trademark Office (USPTO) has officially issued guidelines when reviewing trademark applications for CBS and hemp-derived goods and services.

This is a big step for the cannabis industry as for many years, entities have tried, unsuccessfully, to legally protect their trademarks in connection with commercial cannabis businesses. The USPTO policy for many decades has been rigid in its dealing with cannabis related trademarks; the tolerance level being essentially none.

What is a cannabis-related trademark?

The Examination Guide 1-19 allows for some, but not all, registration of cannabis related trademarks. The “cannabis related trademarks” the USPTO allows businesses to apply and register for are:

Legal hemp

Hemp derived CBD

Hemp oil and other hemp derived goods

The service of cultivating hemp

The service of the production of hemp-derived goods

Other services that relate to hemp

What other requirements are necessary to obtain a trademark for cannabis-related trademarks?

Once it has been established that the trademark being obtained is for cannabis related purposes, the second question to ask is if it is a “lawful use in commerce.” The trademark application must demonstrate that the product or service derives or relates to hemp as defined by the Farm Bill. When listing out the goods or services that the trademark is meant to protect, the applicant …

In Part 2, we cover the key Intellectual Property issues that are emerging in this arena. Read part 1 here.

United States Patent and Trademark Office update

Following the enactment of the Farm Bill, the United States Patent and Trademark Office (USPTO) has officially issued guidelines when reviewing trademark applications for CBS and hemp-derived goods and services.

This is a big step for the cannabis industry as for many years, entities have tried, unsuccessfully, to legally protect their trademarks in connection with commercial cannabis businesses. The USPTO policy for many decades has been rigid in its dealing with cannabis related trademarks; the tolerance level being essentially none.

What is a cannabis-related trademark?

The Examination Guide 1-19 allows for some, but not all, registration of cannabis related trademarks. The “cannabis related trademarks” the USPTO allows businesses to apply and register for are:

Legal hemp

Hemp derived CBD

Hemp oil and other hemp derived goods

The service of cultivating hemp

The service of the production of hemp-derived goods

Other services that relate to hemp

What other requirements are necessary to obtain a trademark for cannabis-related trademarks?

Once it has been established that the trademark being obtained is for cannabis related purposes, the second question to ask is if it is a “lawful use in commerce.” The trademark application must demonstrate that the product or service derives or relates to hemp as defined by the Farm Bill. When listing out the goods or services that the trademark is meant to protect, the applicant must specify that goods contain no more than 0.3 percent delta-9 tetrahydrocannabinol (THC). This complies with the scope of the federal law mentioned in the above section. Furthermore, the applicant of the trademark may be required to submit evidence to the USPTO showing compliance with the licensing and regulatory standards in connection with the Farm Bill.

The U.S. Food and Drug hesitation

Although the Farm Bill has made it clear that many trademarks that were not allowed registration before are now acceptable, the FDA has still barred certain products from being lawful. The FDA has stated that any products or services that 1) introduce food containing added CBD or THC into interstate commerce, or 2) to market or use CBD or THC products in dietary supplements, regardless of whether the substances are hemp-derived, are still unlawful.

The Examination Guide 1-19 took heed of the FDA’s hesitation and does not allow businesses to register trademarks for foods, beverages, dietary supplements, and pet treats containing CBD, even if derived from hemp.

Other developments in trademark services

Following the guidelines from the USPTO, many trademark service databases, have started marketing products that will help prospective applicants search for trademark availability in the commercial cannabis space. One of these databases, Coresearch, is well known in the trademark community in assisting with the protection and screening of trademarks for registration and use with the USPTO and in commerce. Coresearch has created a proprietary tool “Cannabis Industry Search” which will check for existing conflicts, at the state level, with other trademarks for similar services or products, identify possible conflicts with strains and dispensaries, and conduct searching on CBD related utensils such as vapes and edibles.

The Coresearch product also demonstrates the evolution of the cannabis industry in trademarks and how it intends to be a big player in the protection and enforcing Intellectual Property (IP) rights. Coresearch has only offered one other, similar service for an industry along this line, the alcoholic beverage industry, which is recognized as highly competitive and invests millions of dollars in connection with protecting its IP.

Time is of the essence

With the USPTO’s allowance for cannabis related trademarks and the expanding availability of involvement trademark databases, obtaining trademarks in this field will be highly competitive in the months and years to come. The laws surrounding cannabis are evolving and expanding every year and the USPTO anticipates to receive hundreds of applications for trademark protection in the hemp and hemp derived spaces. Against this backdrop, the time to obtain a trademark and to protect your growing cannabis business is right now.

For more information concerning commercial CBD and cannabis business legal questions, please contact Frank Tice. For more information on related business trademark applications and protection, please contact Noor Bahhur

Current legal status of hemp and cannabidiol (CBD) based products under state law

How intellectual property rights will be protected

We will walk through both the background and current status related to these issues in this two part series.

Background: Hemp and CBD legal status in Ohio

Until recently, federal law did not differentiate hemp from marijuana meaning both were considered “marihuana” (the law dates back decades and uses an older spelling of the word marijuana) and outlawed as a Schedule I Controlled Substance. Late last year, Congress passed the Agriculture Improvement Act of 2018, otherwise known as the “Farm Bill”. The Farm Bill removed hemp from the definition of “marihuana,” effectively removing it from the Controlled Substances Act and paving the way for legalized hemp cultivation and sale.

What the Farm Bill does

The Farm Bill generally paved the way for legal hemp and certain hemp-derived CBD products. There are, however, several major qualifiers. First, to be considered legal, hemp must not contain more than 0.3% tetrahydrocannabinol (THC)—the part of the cannabis plant that produces a “high”.

Second, hemp must be produced in a manner consistent with the Farm Bill as well as with associated state and federal regulations. The Farm Bill created a joint federal-state regulatory regime requiring states to take certain steps before hemp can be considered legal. Section 10113 of the Farm Bill provides that state …

Current legal status of hemp and cannabidiol (CBD) based products under state law

How intellectual property rights will be protected

We will walk through both the background and current status related to these issues in this two part series.

Background: Hemp and CBD legal status in Ohio

Until recently, federal law did not differentiate hemp from marijuana meaning both were considered “marihuana” (the law dates back decades and uses an older spelling of the word marijuana) and outlawed as a Schedule I Controlled Substance. Late last year, Congress passed the Agriculture Improvement Act of 2018, otherwise known as the “Farm Bill”. The Farm Bill removed hemp from the definition of “marihuana,” effectively removing it from the Controlled Substances Act and paving the way for legalized hemp cultivation and sale.

What the Farm Bill does

The Farm Bill generally paved the way for legal hemp and certain hemp-derived CBD products. There are, however, several major qualifiers. First, to be considered legal, hemp must not contain more than 0.3% tetrahydrocannabinol (THC)—the part of the cannabis plant that produces a “high”.

Second, hemp must be produced in a manner consistent with the Farm Bill as well as with associated state and federal regulations. The Farm Bill created a joint federal-state regulatory regime requiring states to take certain steps before hemp can be considered legal. Section 10113 of the Farm Bill provides that state departments of agriculture, in consultation with the state’s governor and attorney general, must devise and submit to the United State Department of Agriculture (USDA) a plan regulating hemp. The USDA must approve the state’s plan before hemp can be legally produced and sold. Notably, if a state chooses not to establish such a system, the USDA will create and enforce a plan for that state.

Third, the Farm Bill provides that certain activities such as cultivating hemp without a license under an approved plan or producing hemp with more than 0.3% THC are unlawful. The legislation outlines various penalties, including felonies, for failure to comply with these restrictions.

What the Farm Bill does not do

A common misconception is that the Farm Bill legalized hemp and CBD everywhere in the United States. In fact, the Farm Bill only narrowly legalized certain types of CBD derived from hemp. All other CBD remains a Schedule I Controlled Substance that is illegal under federal law.

The Farm Bill also did nothing to legalize state-level cannabis programs, meaning that marijuana remains illegal as a Schedule I Controlled Substance under federal law even in states that have legalized marijuana in some manner. Notably, states rely on narrow protections such as the Rohrabacher-Blumenauer budget rider (Section 537 of the Consolidated Appropriations Act, 2019) which prohibits the Department of Justice from expending funds to prosecute individuals involved in medical marijuana operations that are legal under state law.

When is CBD Legal?

CBD based products are legal if and only if:

The CBD is derived from hemp

The hemp does not contain more than 0.3% THC

The hemp is grown by a person or entity that is licensed pursuant to a state’s USDA approved plan or a USDA imposed system regulating hemp.

Any CBD derived from hemp that is sold outside these parameters is not only illegal, but remains a Schedule I Controlled Substance under federal law.

What is the status of Ohio’s plan to regulate hemp?

Ohio is one of the few states that did not legalize hemp under the 2014 Farm Bill, which allowed states to establish hemp regulatory pilot programs and remains the current program under which states can operate until the USDA promulgates regulations (expected in late 2019) governing the state plan submission process for the 2018 Farm Bill.

Ohio has also failed to legalize hemp at the state level and thus is not currently in a position to submit a plan to the USDA for regulating hemp. But that could soon change. On March 28, 2019, the Ohio Senate passed Senate Bill 57 which would decriminalize hemp, legalize its production, and regulate producers and sellers. That bill has now gone to the Ohio house where, on June 4, 2019, a stricter subversion of the bill was voted out of the Agriculture and Rural Development Committee to the House Floor by an 11-1 vote.

So are hemp and CBD legal in Ohio?

Certain types of hemp and CBD derived from hemp are technically legal in Ohio, but not in the way or for the reasons you might think. Anyone growing or selling hemp or CBD in Ohio is not protected by the Farm Bill since Ohio has not established a pilot program under the 2014 Farm Bill, and no state level plan has (or can) be approved under the 2018 Farm Bill until regulations governing such a plan submission process are finalized.

However, Ohio’s Department of Pharmacy has stated that hemp and CBD can be sold in Ohio provided the sales are made by licensed medical marijuana dispensaries (Ohio law does not distinguish hemp or CBD from marijuana). Effectively, this means that hemp and CBD products are legal in Ohio only if they are sold within the confines of Ohio’s existing Medical Marijuana Control Program (MMCP).

Why does this distinction between legal under the Farm Bill vs. legal under Ohio’s MMCP matter? Because hemp and CBD are only legal in Ohio under Ohio’s marijuana control program; a program that remains illegal under federal law. Moreover, any attempt to cultivate or sell hemp or CBD outside of Ohio’s MMCP is illegal under state and federal law. And the Rohrabacher-Blumenauer budget rider would not prevent the Department of Justice from prosecuting individuals cultivating or selling hemp or CBD if such activities are undertaken outside of Ohio’s MMCP.

With the regulations surrounding marijuana, hemp, and CBD products in such disarray, it’s no wonder that Ohio’s Senate passed the bill that would legalize and regulate hemp and hemp-derived CBD by a vote of 30-0.

]]>A “Boost” for copyright protection in the fashion industry: Kanye’s Yeezy sneakers to receive copyright registrationshttps://www.technologylawsource.com/2019/05/articles/intellectual-property-1/copyright/kanyes-yeezy-sneakers-to-receive-copyright-registrations/
Tue, 28 May 2019 18:42:52 +0000https://www.technologylawsource.com/?p=5765On May 8, 2019, the Review Board of the U. S. Copyright Office issued a decision stating that Yeezy 350 Boost Version 1 and Yeezy 350 Boost Version 2 sneakers each include copyrightable subject matter. The Adidas Yeezy sneakers are a collaboration between Adidas AG and Kanye West which has been wildly popular and as a result has been frequently knocked off by imitators. So it is not surprising that Adidas AG pursued copyright protection for these sneakers. This decision by the U.S. Copyright Office clarifies that footwear designs can be perceived as two- or three-dimensional works of art separate from the footwear themselves. Thus, footwear designers clearly have the option of copyright protection for footwear designs having sufficient originality.

In 2017, Adidas AG filed applications for copyright registration of the Yeezy Boost 350 Version 1 and the Yeezy Boost 350 Version 2 which are shown above in photos from the decision. The U.S. Copyright Office initially rejected these applications because the sneakers were said to be “useful articles that do not contain any copyrightable authorship needed to sustain a claim to copyright.” Note that copyright law does not protect useful articles, such as clothing and footwear. See 17 U.S.C. § 101.

Notably, in March of 2017, the U. S. Supreme Court held in Star Athletica, LLC v. Varsity Brands, Inc., that an artistic feature applied onto or incorporated into a useful article may be eligible for copyright protection if it:

On May 8, 2019, the Review Board of the U. S. Copyright Office issued a decision stating that Yeezy 350 Boost Version 1 and Yeezy 350 Boost Version 2 sneakers each include copyrightable subject matter. The Adidas Yeezy sneakers are a collaboration between Adidas AG and Kanye West which has been wildly popular and as a result has been frequently knocked off by imitators. So it is not surprising that Adidas AG pursued copyright protection for these sneakers. This decision by the U.S. Copyright Office clarifies that footwear designs can be perceived as two- or three-dimensional works of art separate from the footwear themselves. Thus, footwear designers clearly have the option of copyright protection for footwear designs having sufficient originality.

Yeezy 350 Boost Version 1 (left), Yeezy 350 Boost Version 2 (right)

In 2017, Adidas AG filed applications for copyright registration of the Yeezy Boost 350 Version 1 and the Yeezy Boost 350 Version 2 which are shown above in photos from the decision. The U.S. Copyright Office initially rejected these applications because the sneakers were said to be “useful articles that do not contain any copyrightable authorship needed to sustain a claim to copyright.” Note that copyright law does not protect useful articles, such as clothing and footwear. See 17 U.S.C. § 101.

Notably, in March of 2017, the U. S. Supreme Court held in Star Athletica, LLC v. Varsity Brands, Inc., that an artistic feature applied onto or incorporated into a useful article may be eligible for copyright protection if it:

“(1) can be perceived as a two- or three-dimensional work of art separate from the useful article, and (2) would qualify as a protectable pictorial, graphic, or sculptural work—either on its own or fixed in some other tangible medium of expression—if it were imagined separately from the useful article into which it is incorporated.”

In Star Athletica, the Court found that a chevron design on a cheerleading uniform could be perceived as a two-dimensional or three-dimensional work of art separate from the cheerleading uniform itself, and that the chevron design qualified as a protectable pictorial, graphic, or sculptural work when imagined separate from the cheerleading uniform.

After the initial rejections of the applications, Adidas AG filed a first request for reconsideration of the rejections, arguing that the sneakers included three dimensional works of art separate from the sneakers themselves. For Version 1, Adidas AG pointed to the “irregular black lines of various lengths and shapes on a gray fabric with a black semi-circle in the arch and an orange dotted stripe on an off-white heel loop.” As for Version 2, Adidas AG appointed to “several grey lines in a wave pattern with a thick orange stripe on the outsole that fades toward the heel of the sneaker” and “a secondary “inner orange layer that adds intermittent orange coloring.” The Review Board of the U. S. Copyright Office ruled that the sneakers “contain separable designs” citing Star Athletica and sent the applications back down to the registration division of the U. S. Copyright Office. The registration division then again rejected the applications because even though the sneakers “contain separable designs”, “those designs [do] not meet the originality requirement as they consisted of ‘simple shapes arranged into common, expected patterns in very simple color schemes.”

Not to be deterred, Adidas AG filed a second request for reconsideration of the rejections. The Review Board of the U.S. Copyright Office again stated that the design elements cited by Adidas AG “can be perceived as two- or three-dimensional works of art separate from the useful article, that is, the sneaker” citing Star Atheltica. As to the issue of whether these separate works are protectable as original works of authorship, the Review Board held that the designs contain a sufficient amount of original and creative two- and three-dimensional authorship for registration” noting the “the low standard for copyrightability articulated in Feist Publications.” In Feist Publications, the U.S. Supreme Court stated that “the standard for creativity is extremely low” and “it need not be novel, rather it only needs to possess a “spark” or “minimal degree” of creativity to be protected by copyright.” As a result, the Review Board once again sent the applications back down to the registration division of the U. S. Copyright Office for registration of the Yeezy sneaker designs.

Footwear designs are commonly protected by design patents. In fact, Adidas AG obtained U.S. design patents for Yeezy Boost 350 sneakers. For Example, see U. S. design patent numbers D838,958 and D821,078. After this Adidas Yeezy decision, design patents will likely remain the most common choice for protecting footwear designs because it is not required to prove copying in order to establish infringement of a design patent. However, this Adidas Yeezy decision indicates that copyright is an additional or alternative option for protecting footwear designs having sufficient originality. The copyright option can be beneficial because of lower cost to obtain, ability to record with U. S. Customs for enforcement at ports of entry, availability of statutory damages and attorney fees for infringement if registered prior to infringement, and longer terms of enforceability. Footwear designers should carefully consider each of these options for their new designs.

]]>Verify your wires!https://www.technologylawsource.com/2019/05/articles/information-technology/verify-your-wires-to-avoid-internet-enabled-theft-wire-fraud-and-exploitation/
Fri, 10 May 2019 14:01:32 +0000https://www.technologylawsource.com/?p=5761The FBI’s Internet Crime Complaint Center has released its 2018 annual report, which includes statistics that internet-enabled theft, wire fraud and exploitation were responsible for a staggering $2.7 billion in financial losses in 2018. If you are involved in transactional work, this can happen to you.

Reports detail an increasingly common story of wire fraud accompanying large sum transactions. The story line often includes a spoofed email invoice in connection with closing, which instructs one party to wire closing related expenses to a fraudulent account. As a result of the detailed and convincing invoice, one party loses their funds forever when they wire a large sum to the hacker’s offshore account.

What are the courts saying?

Recent news reported on a story about a hack that took place during a real estate closing. A law firm forwarded money to Deutsche Bank in accordance with instructions from a mortgage company. Through “mimicking” the e-mail address that the lender used, the hacker provided fraudulent wiring instructions to the law firm.

In rejecting the law firm’s complaint against the lender, the U.S. District Court for the Eastern District of Virginia ruled that state law does not allow companies to bring negligence claims against organizations that are hit with a data breach based on “a duty to safeguard the private information of another individual.” The court observed that its decision rests on a developing area of law: “whether or how to impose liability on a party whose potentially negligent conduct flows from a …

The FBI’s Internet Crime Complaint Center has released its 2018 annual report, which includes statistics that internet-enabled theft, wire fraud and exploitation were responsible for a staggering $2.7 billion in financial losses in 2018. If you are involved in transactional work, this can happen to you.

Reports detail an increasingly common story of wire fraud accompanying large sum transactions. The story line often includes a spoofed email invoice in connection with closing, which instructs one party to wire closing related expenses to a fraudulent account. As a result of the detailed and convincing invoice, one party loses their funds forever when they wire a large sum to the hacker’s offshore account.

What are the courts saying?

Recent news reported on a story about a hack that took place during a real estate closing. A law firm forwarded money to Deutsche Bank in accordance with instructions from a mortgage company. Through “mimicking” the e-mail address that the lender used, the hacker provided fraudulent wiring instructions to the law firm.

In rejecting the law firm’s complaint against the lender, the U.S. District Court for the Eastern District of Virginia ruled that state law does not allow companies to bring negligence claims against organizations that are hit with a data breach based on “a duty to safeguard the private information of another individual.” The court observed that its decision rests on a developing area of law: “whether or how to impose liability on a party whose potentially negligent conduct flows from a data breach.” Courts have come down on both sides of the issue, giving companies little clarity on who is liable for negligence after a data breach.

Red flags to watch for:

Above all, verifying the wire instructions verbally with the creditor/vendor can easily prevent loss in such scenarios. Through quick communication, parties can discover incorrect bank account information and avoid wire fraud. There are many indicia that point to suspicious e-mailed (or faxed) instructions. Here are a few red flags to keep in mind:

A message from a Gmail or Hotmail account, especially late in a transaction

A slight misspelling of words in the sender’s address or message

Instructions that direct a wire to a foreign account, an account without the payee’s proper name, or an unknown bank

Changing wire instructions

Any “rush” transaction

These cases demonstrate the importance of maintaining adequate cyber insurance and the necessity of independently verifying all wire instructions transmitted through non-secure servers. Finally, calling a known telephone number is typically the safest way to verify information with any party to a matter.

]]>Riding the waves of U.S. data privacy legislationhttps://www.technologylawsource.com/2019/04/articles/privacy-1/data-privacy-legislation/
Tue, 02 Apr 2019 18:47:13 +0000https://www.technologylawsource.com/?p=5753Much has been written about the European General Data Protection Regulation (GDPR). Commentators have touted the EU’s supposedly superior data protection regimen. But don’t lose focus on what is happening within the U.S. and the implications for U.S. companies that may not be focused on GDPR requirements. Even companies that are GDPR focused may not meet the upcoming requirements. At least three significant privacy legislation fronts in the U.S. bear mentioning:

The 2008 Illinois Biometric Protection Act (BIPA) and the Jan. 25, 2019 ruling in Six Flags. Six Flags was significant because the Illinois Supreme Court ruled that a plaintiff need not allege or prove actual harm to impose statutory penalties on a BIPA violator.

The California Consumer Privacy Act, as amended, along with other follow-the-leader states, including Massachusetts, New York, North Dakota, Utah and Washington.

Federal legislative hearings and activity aimed at combating the problem, created by a “patchwork” of separate, individual state privacy laws.

The Illinois Biometric Protection Act

BIPA addresses the use of an individual’s biologically unique identifiers, such as retina or iris scans, fingerprints, voiceprints, or scans of hand or face geometry. The Illinois legislature enacted the law in 2008, finding that biometrics are unique to the individual, and once compromised, the individual has no recourse and is at a heightened risk for identity theft. BIPA prohibits (among other things) a private entity from collecting, capturing, purchasing, receiving, or otherwise obtaining a person’s or customer’s biometric identifier without first:

Much has been written about the European General Data Protection Regulation (GDPR). Commentators have touted the EU’s supposedly superior data protection regimen. But don’t lose focus on what is happening within the U.S. and the implications for U.S. companies that may not be focused on GDPR requirements. Even companies that are GDPR focused may not meet the upcoming requirements. At least three significant privacy legislation fronts in the U.S. bear mentioning:

The 2008 Illinois Biometric Protection Act (BIPA) and the Jan. 25, 2019 ruling in Six Flags.Six Flags was significant because the Illinois Supreme Court ruled that a plaintiff need not allege or prove actual harm to impose statutory penalties on a BIPA violator.

The California Consumer Privacy Act, as amended, along with other follow-the-leader states, including Massachusetts, New York, North Dakota, Utah and Washington.

Federal legislative hearings and activity aimed at combating the problem, created by a “patchwork” of separate, individual state privacy laws.

The Illinois Biometric Protection Act

BIPA addresses the use of an individual’s biologically unique identifiers, such as retina or iris scans, fingerprints, voiceprints, or scans of hand or face geometry. The Illinois legislature enacted the law in 2008, finding that biometrics are unique to the individual, and once compromised, the individual has no recourse and is at a heightened risk for identity theft. BIPA prohibits (among other things) a private entity from collecting, capturing, purchasing, receiving, or otherwise obtaining a person’s or customer’s biometric identifier without first:

Informing the person or the person’s legally authorized representative that a biometric identifier is being collected or stored.

Disclosing the specific purpose and length of term for which a biometric identifier is being collected, stored and used.

Receiving a written release executed by the person or the person’s legally authorized representatives.

In the employment context, written release means a release executed by an employee as a condition of employment. Additionally, a private entity in possession of biometric identifiers must develop a written policy, made available to the public, establishing a retention schedule and guidelines for permanently destroying biometric identifiers. It is also prohibited from selling or otherwise profiting from, or disclosing, biometric information without consent.

Any person aggrieved by a violation of BIPA has a private right of action against an offender and may recover for each violation liquidated damages of $1,000 for negligent violations or $5,000 for intentional violations (or actual damages if greater), plus attorney fees and other costs, and injunctive relief. Up until the Illinois Supreme Court’s Six Flags ruling, courts generally found that a plaintiff did not qualify as an “aggrieved” person if he or she failed to allege some actual injury or adverse effect, beyond a “mere” violation of the law by the offender.

The Illinois Appellate Court upheld that pleading requirement, but the Illinois Supreme Court reversed, finding that when a private entity fails to comply with BIPA’s requirements, that violation constitutes an “invasion, impairment or denial of the statutory rights of any person whose biometric identifier or biometric information is subject to the breach,” and that such a person was clearly “aggrieved” and entitled to seek recovery. This ruling is hailed as a significant boost to plaintiffs’ rights and opens the door in Illinois for similar cases to proceed.

Likewise, contracts for services that include the disclosure of personal information concerning an Illinois resident must include a provision requiring the person to whom the information is disclosed to implement and maintain reasonable security measures to protect those records from unauthorized access, acquisition, destruction, use, modification or disclosure. (See Section 45 of the Personal Information Protection Act, Data Security).

The California Consumer Privacy Act

On Jan. 1, 2020, the California Consumer Privacy Act (CCPA), as amended, is scheduled to take effect. However, due to the introduction of additional amendments, it’s not yet clear what the final law or implementing regulations will look like. However, there is still significant support for the law, in spite of certain industry-group objections.

In brief and as presently written, CCPA requires companies that meet the jurisdictional thresholds to disclose to consumers the categories of information they collect, along with the purposes for which the information is being collected. The law provides consumers (i.e. California residents) the right to:

Request what specific personal information a business collects, sells or discloses, the sources from which data is collected, and the purposes for doing so.

Request that a business delete their personal information.

Opt out of having their personal information collected or sold. Consumers that opt out are protected against denial of goods and services, price discrimination and discrimination in quality of service.

As currently written, the law applies to for-profit businesses that, do business in California, and collect personal information about California consumers, and that meet at least one of the following three tests:

Has annual gross revenue in excess of $25 million.

Buys, receives for commercial purposes, sells or shares for commercial purposes the data of over 50,000 consumers annually.

Derives over 50 percent of its revenue from selling consumers’ personal information.

The practical meaning of all of this is that if the law applies, a business must create policies that clearly delineate its data collection and use practices as well as create systems to track this information and honor consumers’ rights within the time periods mandated by CCPA. Although companies have long been required to maintain and post privacy policies about their data collection practices and uses—and the sufficiency of those policies have been the subject of enforcement actions by the Federal Trade Commission (FTC) under Section 5 of the Federal Trade Commission Act, Unfair or Deceptive Acts or Practices—CCPA will more specifically set forth the requirements that those policies and practices must meet.

Moreover, CCPA violators face potentially severe penalties. As presently written, any business that violates the law, and fails to cure any alleged violation within 30 days after being notified, is subject to an injunction and liable for a civil penalty of not more than $2,500 for each violation, or $7,500 for each intentional violation, which is assessed and recovered in a civil action brought in the name of the people of the State of California by the Attorney General.

The law is scheduled to go into effect on Jan. 1, 2020, but may not be enforced until the earlier of the date the California Attorney General issues regulations concerning CCPA, or July 1, 2020. Certain exemptions are written into the law and it does not apply to:

Providers of health care governed by CMIA or a covered entity governed by HIPAA.

Information collected as part of a clinical trial subject to the Federal Policy for the Protection of Human Subjects, and subject to regulatory compliance.

Sale of personal information to or from a consumer reporting agency if that information is to be reported in, or used to generate, a consumer report as defined by subdivision (d) of Section 1681a of Title 15 of the United States Code, and use of that information is limited by the federal Fair Credit Reporting Act (15 U.S.C. Sec. 1681 et seq.).

Personal information collected, processed, sold or disclosed pursuant to the federal Gramm-Leach-Bliley Act implementing regulations, if it is in conflict with that law, or the California Financial Information Privacy Act.

Personal information collected, processed, sold, or disclosed pursuant to the Driver’s Privacy Protection Act of 1994 (18 U.S.C. Sec. 2721 et seq.), if it is in conflict with that act.

Congressional hearings

Hearings continue at the federal level in the Senate and House to consider establishing a federal privacy law consistent with the intent and purposes behind CCPA. On Feb. 27, 2019, the Senate Committee on Commerce, Science and Transportation held a hearing regarding Policy Principles for a Federal Data Privacy Framework in the United States, and the Senate Judiciary Committee held a hearing on March 12, 2019. At the latter, Google’s Senior Privacy Counsel and Intel’s Director of Security Policy and Global Privacy Officer advocated for a federal regulatory approach. The arguments being made for a federal regulatory approach include that, without a U.S. federal law, individual states will legislate, creating an unworkable patchwork of laws. This approach is confusing for individuals seeking to protect their rights, and for companies seeking to comply with the laws. Today, the patchwork approach already exists with respect to data breach notification laws: the 50 states have 50 different laws.

In January 2019, the United States Government Accountability Office (GAO) issued a Report on Internet Privacy to the Chairman of the House Committee on Energy and Commerce that was released to the public Feb. 15, 2019. GAO notes that it was asked to review federal oversight of Internet privacy due to several events.

In April 2018, Facebook disclosed that a Cambridge University researcher may have improperly shared the data of up to 87 million of its users with a political consulting firm. This disclosure followed other incidents involving the misuse of consumers’ personal information from the Internet, which is used by about three-quarters of Americans. GAO found that there is no comprehensive U.S. Internet privacy law governing private companies’ collection, use, or sale of users’ data, and recommended that Congress consider developing comprehensive Internet privacy legislation to better protect consumers. Appendix II of the GAO’s report lists FTC’s internet privacy enforcement cases filed between July 2008 and June 2018, describing the summary of privacy allegations and the settlements with the FTC.

Although it’s difficult to predict the timing and scope of any federal privacy legislation—outside of the already existing federal laws governing certain industries, such as HIPAA in the health care industry and Gramm-Leach-Bliley in the financial industry—it is easy to see that as time goes on, U.S. privacy regulation will continue to become more and more complex.